From the Red Hat bug at $URL:

Name: CVE-2010-4337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4337
Assigned: 20101130
Reference: MISC: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605419
Reference: BID:45102
Reference: URL: http://www.securityfocus.com/bid/45102
Reference: OSVDB:69533
Reference: URL: http://www.osvdb.org/69533
Reference: SECUNIA:42416
Reference: URL: http://secunia.com/advisories/42416

The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
Fixed in gnash-0.8.8.ebuild without revbump, as this does not affect users who have gnash already installed.
(In reply to comment #1)
> Fixed in gnash-0.8.8.ebuild without revbump, as this does not affect users who
> have gnash already installed.
>

Thank you. GLSA Vote: No.
CVE-2010-4337 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4337): The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
Vote: NO. Very unlikely to be ever exploited in real life. Closing noglsa.
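The CVE text above describes a configure script writing to PID-derived names in /tmp. As an added example (not code from gnash's configure script or from the ebuild fix), the following shell code puts that pattern beside a `mktemp`-based replacement and checks both against a pre-existing symlink. The function names and the private sandbox directory standing in for /tmp are assumptions made for the example.

```shell
#!/bin/sh
# Added example: predictable vs. unpredictable temp-file names in a
# configure-style script. All paths live in a private sandbox directory.

# Pattern from the CVE text: the name is derived from the shell PID ($$),
# so it is guessable, and ">" follows whatever already sits at that path.
insecure_log() {   # $1 = directory, $2 = message; prints the path used
    log="$1/gnash-configure-errors.$$"
    echo "$2" > "$log"
    echo "$log"
}

# Hardened form: mktemp chooses a random suffix and creates the file
# exclusively (it never reuses an existing path), with mode 0600.
secure_log() {     # $1 = directory, $2 = message; prints the path used
    log=$(mktemp "$1/gnash-configure-errors.XXXXXXXXXX") || return 1
    echo "$2" > "$log"
    echo "$log"
}

# Constructed regression check: a symlink already exists at the predictable
# name. Prints "yes" if the file it points to was modified, "no" otherwise.
target_modified() {   # $1 = insecure | secure
    box=$(mktemp -d) || return 1
    echo "original" > "$box/target"
    ln -s "$box/target" "$box/gnash-configure-errors.$$"
    "${1}_log" "$box" "configure error text" > /dev/null
    if [ "$(cat "$box/target")" = "original" ]; then
        result=no
    else
        result=yes
    fi
    rm -rf "$box"
    echo "$result"
}

echo "PID-based name: target modified = $(target_modified insecure)"
echo "mktemp name:    target modified = $(target_modified secure)"
```

Running such a script with `TMPDIR` pointing at a per-user directory, or creating one working directory with `mktemp -d` and placing all scratch files inside it, removes the shared-directory exposure for every file at once.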